Electronic device and connection control method

ABSTRACT

A switch is provided on a device main body. When the switch is switched to a permission state, authentication by a specific identification code (PIN code) is permitted. When the switch is switched to an inhibition state, the authentication by the specific identification code is inhibited. When the switch is normally set in the inhibition state, any access from an illicit user using the specific identification code can be prevented. Additionally, when a predetermined time has elapsed after the switch is set in the permission state, the authentication by the specific identification code is inhibited. With this arrangement, even when the user forgets to return the switch that has been set in the permission state to the inhibition state, any illicit access can be prevented, and the security for the device can be ensured.

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application is based upon and claims the benefit of priorityfrom the prior Japanese Patent Application No. 2000-255840, filed Aug.25, 2000, the entire contents of which are incorporated herein byreference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates to an electronic device having aradio communication function for executing data communication withanother device and a connection control method.

[0004] 2. Description of the Related Art

[0005] In recent years, radio communication systems in personal areas,such as the IrDA, Bluetooth, and Home RF, have received a great deal ofattention. Particularly, the Bluetooth and Home RF are advantageous inomnidirectionality and high transmittance as compared to an infraredcommunication scheme such as the IrDA and are promising systems in thenear future. The Bluetooth is a short-distance radio communicationstandard and realizes radio communication within the range of 10 m or100 m using the 2.4-GHz ISM (Industrial Science Medical) band.

[0006] A radio communication system such as the Bluetooth or Home RF cansimultaneously connect a plurality of devices. In addition, as one ofcharacteristic features, the transmission distance is as long as, e.g.,10 to 100 m as compared to an infrared communication scheme such as theIrDA. Although this can improve the convenience, the user must make sureto sufficiently ensure the security and privacy of the radiocommunication system because the system can easily be accessed from theoutside.

[0007] As a general security system for a radio communication system, asecurity system is known, which is used an electronic key and inhibitscontinuous use of a single key to improve the security, therebyincreasing the safety against loss or theft.

[0008] The Bluetooth employs the following security scheme using userauthentication.

[0009] User authentication in the Bluetooth is managed by a uniqueauthentication password set in a device and an encryption key created bythe authentication password and an ID (a 48-bit address issued andmanaged by the IEEE) unique to the device. The authentication passwordis called a PIN (Personal Identification Number) code and formed from anarbitrary character string. The encryption key is called a link key andalso used for data encryption as well as user authentication.

[0010] Assume that a device A accesses a device B.

[0011] If the devices A and B are to be connected for the first time,the device A must input the PIN code of the device B. If it isdetermined that the PIN code input from the device A is correct, thedevice B determines that the authentication is successful and thencreates a link and permits connection. At this time, the device Bgenerates a link key of the device A by, e.g., multiplying the PIN codeof its own and the ID of the device A by a random number, and stores thelink key in the link key table together with the ID of the device A. Togenerate the link key, the ID of its own and the PIN code of the otherparty with which the link key is exchanged are also used.

[0012] On the other hand, if the device A is used to be connected to thedevice B in the past, the link key of the device A has already beenregistered in the link table. Hence, authentication using the link keyis executed without inputting the PIN code.

[0013] There are a variety of devices using the Bluetooth. One of themis a line connection device called a modem access point. This modemaccess point has a public line connection function. When thecommunication function of the Bluetooth is added to the device, it canbe connected to another Bluetooth device by radio. Hence, when the modemaccess point is accessed from an external device by radio, the externaldevice can be connected to a public line to use the Internet or the likewithout connecting a modular cable. In this case, the above-describedauthentication using a PIN code or link key is done in accessing themodem access point, and only an external device for which it isdetermined that the authentication is successful can be connected to themodem access point.

[0014] However, if the PIN code of the modem access point is known by aperson other than the authentic user by some means, that person mayillicitly access the modem access point using the PIN code. For a modemaccess point, since the user is charged for use of a public line uponconnection to the line, an illicit access poses a serious problem.

[0015] In addition, normally, a modem access point is installed at anunnoticeable place, and its power is often always ON. For this reason,the manager may not be aware of an illicit access from the outside tothe modem access point.

BRIEF SUMMARY OF THE INVENTION

[0016] It is an object of the present invention to provide an electronicdevice and connection control method which can prevent any illicitaccess from other devices and ensure the security.

[0017] In order to achieve the above object, according to the presentinvention, there is provided an electronic device having communicationunit executing authentication by a specific identification code increating a link to another device, comprising:

[0018] a switch capable of switching between a first state and a secondstate;

[0019] an inhibition unit configured to inhibit the authentication bythe specific identification code when the switch is set in the firststate; and

[0020] a permission unit configured to permit the authentication by thespecific identification code when the switch is set in the second state.

[0021] According to this electronic device, when the switch capable ofswitching between the first state and the second state is set in thefirst state, the authentication by the specific identification code isinhibited. When the switch is set in the second state, theauthentication by the specific identification code is permitted. Forthis reason, even when the user of another device knows the specificidentification code, no link to the device can be created unless theswitch is set in the first state.

[0022] Additional objects and advantages of the invention will be setforth in the description which follows, and in part will be obvious fromthe description, or may be learned by practice of the invention. Theobjects and advantages of the invention may be realized and obtained bymeans of the instrumentalities and combinations particularly pointed outhereinafter.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING

[0023] The accompanying drawings, which are incorporated in andconstitute a part of the specification, illustrate embodiments of theinvention, and together with the general description given above and thedetailed description of the embodiments given below, serve to explainthe principles of the invention.

[0024]FIG. 1 is a perspective view showing the outer appearance of aradio communication system according to an embodiment of the presentinvention;

[0025]FIG. 2 is an exploded perspective view of an access point used inthe radio communication system;

[0026]FIG. 3 is a perspective view showing a state wherein the accesspoint is used in vertical setting;

[0027]FIG. 4 is a perspective view showing the rear surface side of theaccess point;

[0028]FIG. 5 is a perspective view showing a state wherein the accesspoint is used in horizontal setting;

[0029]FIG. 6 is a perspective view showing the bottom surface side ofthe access point;

[0030]FIG. 7 is a perspective view of a BT-PC card attached to theaccess point;

[0031]FIG. 8 is an exploded perspective view of the BT-PC card;

[0032]FIG. 9 is a block diagram showing the arrangement of the radiocommunication system;

[0033]FIG. 10 is a view showing the arrangement of slide switchesprovided on the access point;

[0034]FIG. 11 is a view showing the arrangement of a rotary switchprovided on the access point;

[0035]FIG. 12 is a table showing the correspondence between the slideswitches and the rotary switch;

[0036]FIG. 13 is a block diagram showing the circuit arrangements of theaccess point and BT-PC card;

[0037]FIG. 14 is a block diagram showing the circuit arrangements of apersonal computer and BT-PC card connected to the access point as anexternal device;

[0038]FIG. 15 is a view showing the arrangement of a link table providedin the access point;

[0039]FIG. 16 is a view showing the arrangement of an authenticationerror table provided in the access point;

[0040]FIG. 17 is a flow chart showing operation state switchingprocessing by the slide switch provided on the access point;

[0041]FIG. 18 is a flow chart showing connection processing to anexternal device in the access point;

[0042]FIG. 19 is a view for explaining authentication operation by a PINcode;

[0043]FIG. 20 is a flow chart showing security information maintenanceprocessing in the access point;

[0044]FIG. 21 is a first flow chart showing authentication errorprocessing in the access point at the time of connection; and

[0045]FIG. 22 is a second flow chart showing authentication errorprocessing in the access point at the time of connection.

DETAILED DESCRIPTION OF THE INVENTION

[0046] The embodiment of the present invention will be described belowwith reference to the accompanying drawing.

[0047]FIG. 1 is a perspective view showing the outer appearance of aradio communication system according to an embodiment of the presentinvention. FIG. 1 shows a line connection device (to be referred to asan access point hereinafter) 10 having a public line connection functionand a personal computer 100 for executing radio communication with theaccess point 10.

[0048] A PC card (to be referred to as a BT-PC card hereinafter) 20according to the Bluetooth radio communication standard is detachablyattached to each of the access point 10 and personal computer 100. Theaccess point 10 and personal computer 100 can execute radio datacommunication by attaching the BT-PC cards 20.

[0049] The personal computer 100 is used here as an external devicewhich accesses the access point 10. A main body 114 of the personalcomputer 100 has a keyboard 112, liquid crystal display panel 116, andcard slot 118.

[0050] The access point 10 is connected to a public line 11 through amodular cable 12 so as to transfer data transmitted from the personalcomputer 100 by radio to the public line 11 and also transmit data inputfrom the public line 11 to the personal computer 100 by radio.

[0051] FIGS. 2 to 6 are views showing the arrangement of the accesspoint 10.

[0052]FIG. 2 is an exploded perspective view of the access point 10,FIG. 3 is a perspective view showing a state wherein the access point 10is used in vertical setting, FIG. 4 is a perspective view showing therear surface side of the access point 10, FIG. 5 is a perspective viewshowing a state wherein the access point 10 is used in horizontalsetting, and FIG. 6 is a perspective view showing the bottom surfaceside of the access point 10.

[0053] As shown in FIGS. 2 to 6, the access point 10 has an almostrectangular device main body 14 formed from, e.g., a synthetic resin.The device main body 14 has a slightly curved front surface 14 a, analmost flat rear surface 14 b opposing the front surface, a pair of sidesurfaces 14 c opposing each other, an upper surface 14 d, and a bottomsurface 14 e. The bottom surface 14 e and rear surface 14 b of thedevice main body 14 form the first and second installation surfaces,respectively.

[0054] The access point 10 can be used by vertically setting the devicemain body 14 with its bottom surface 14 e in contact with a desk surfaceor the like, as shown in FIGS. 3 and 4, or by horizontally setting thedevice main body 14 with its rear surface 14 b in contact with a desksurface or the like, as shown in FIG. 5. The rear surface 14 b has twoengaging concave portions 16 to be pinned or hooked. When the engagingconcave portions 16 are used, the device main body 14 can also be usedas a wall-type device with its rear surface opposing a wall.

[0055] One side surface 14 c of the device main body 14 has apush-button-type power switch 18. The other side surface 14 c has anRS232C connector 22 and AC adapter terminal 23 to be connected to apower supply. The front surface 14 a of the device main body 14 has aplurality of LEDs 24 as indicators for indicating the operation state ofthe access point 10. Examples of operation states to be indicated arepower ON (POWER), transmission (SD), reception (RD), off-hook (OH), andthe standby/active (STB/ACT) state of the BT-PC card 20 to be describedbelow.

[0056] The upper surface 14 d of the device main body 14 has adetachable transparent cover 15, a card insertion port 28 of a card slot26, and an eject button 30. As is apparent from FIG. 6, the bottomsurface 14 e has two modular jacks 32 that can be connected to themodular cable 12 for connecting the access point 10 to the public line11, a pair of left and right slide switches 34 a and 34 b, and a rotaryswitch 35.

[0057] A skirt portion 36 with a notch 37 is formed along the peripheraledge portion of the bottom surface 14 e. The skirt portion 36 functionsas a stand when the device main body 14 is vertically set. The modularcable 12 connected to the modular jack 32 is extracted to the outsidethrough the notch 37. Hence, even when the device main body 14 isvertically set with the modular cable 12 connected to the modular jack32, the device main body 14 can be stably supported by the skirt portion36 without interfering with the modular cable 12.

[0058] The card slot 26 functioning as a holding portion is prepared inthe device main body 14. The card insertion port 28 of the card slotopens to the upper surface 14 d of the device main body. The BT-PC card20 can be detachably inserted into the card slot 26 through the cardinsertion port 28.

[0059] The arrangement of the BT-PC card 20 will be described below.

[0060]FIG. 7 is a perspective view of the BT-PC card 20, and FIG. 8 isan exploded perspective view of the BT-PC card 20.

[0061] As shown in FIGS. 7 and 8, the BT-PC card 20 has a card main body40 complying with the PCMCIA standard and a transmitting/receivingsection 42 complying with the BT standard and projecting for one endside of the card main body. The card main body 40 has an almostrectangular frame 43 formed from synthetic resin. The frame 43 supportsthe peripheral edge portion of a card board 44 in the card main body 40.A connector 45 is attached to one end of the card board 44. The otherend portion of the card board projects from the card main body 40.

[0062] A plurality of electronic components 46A are mounted on onesurface, i.e., an upper surface 44 a of the card board 44. An antennasection 46B, an LED 47 which is turned on at the time oftransmission/reception, and a headset section 48 to be connected to aheadphone or microphone, all of which constitute thetransmitting/receiving section 42, are arranged on the upper surface ofthe other end portion of the card board 44.

[0063] The upper and lower surfaces of the card board 44 are coveredwith a pair of metal covers 50 a and 50 b fitted in the frame 43, exceptthe other end portion.

[0064] The transmitting/receiving section 42 has a cap 51 made of asynthetic resin. The cap 51 is fitted on the other end of the card mainbody 40 to cover the other end portion of the card board 44 and theantenna section 46B, LED 47, and headset section 48 mounted on the uppersurface of the other end portion.

[0065] In the BT-PC card 20, the front end with the connector 45 is theinsertion side end to the card slot 26. A first guide groove 52 aopening to the upper and side surfaces and front end face of the cardmain body 40 is formed at one side front end of the frame 43. A secondguide groove 52 b opening to only the side surface and front end face ofthe card main body 40 is formed at the other side front end of the frame43. The first and second guide grooves 52 a and 52 b regulate thedirections of obverse and reverse surfaces of the BT-PC card 20 when theBT-PC card 20 is inserted into the card slot 26.

[0066] The BT-PC card 20 to be attached to the personal computer 100 hasthe same arrangement as described above and is attached through the cardslot 118 provided on the side surface portion of the personal computer100, as shown in FIG. 1.

[0067] When the BT-PC cards 20 having the above arrangement are attachedto the access point 10 and personal computer 100, data communicationaccording to the Bluetooth radio communication standard is possiblebetween the access point 10 and the personal computer 100.

[0068] In accessing the access point 10 from the personal computer 100,if the access point 10 and personal computer 100 are to be connected forthe first time, the personal computer 100 must input the PIN code of theaccess point 10. If the PIN code input from the personal computer 100 iscorrect, the access point 10 creates a link and permits connection. Atthis time, the access point 10 generates a link key on the basis of theID of the personal computer 100 or the PIN code of its own. For the nextconnection request from the personal computer 100, authentication usingthe link key is performed.

[0069] Only a user permitted to connect is notified of the PIN code(authentication password) of the access point 10 in advance. However, ifthe PIN code is known by a person other than the authentic user by somemeans (for example, by using software dedicated to decoding), thatperson may illicitly access the access point 10 using the PIN code anduse the public line 11 without permission.

[0070] A technique of preventing such an illicit access will be mainlydescribed below.

[0071]FIG. 9 is a block diagram showing the arrangement of the radiocommunication system of the present invention in correspondence with thearrangement shown in FIG. 1 in which a radio communication system isconstructed by the access point 10 and personal computer 100.

[0072] In this embodiment, the slide switches 34 a and 34 b are arrangedat an unnoticeable place, e.g., on the lower surface of the access point10, as shown in FIG. 10. The slide switches 34 a and 34 b can switchbetween two positions, i.e., the inhibition mode and permission mode.The slide switch 34 a inhibits/permits authentication operation by a PINcode (new device registration operation). The slide switch 34 binhibits/permits security information maintenance operation (PIN code orlink key change operation).

[0073] The slide switches 34 a and 34 b are basically operated by themanager of the access point 10. Normally, both the slide switches 34 aand 34 b are set in the inhibition state. To register a new device inthe access point 10, the manager operates the slide switch 34 a andswitches it to the permission state.

[0074] The slide switch 34 a is normally set in the inhibition state,and is switched to the permission state when the authentic user newlyexecutes connection. With this arrangement, a person other than theauthentic user can be prevented from inputting the PIN code of theaccess point 10 and making an illicit access.

[0075] Maintenance of security information stored in the access point10, e.g., changing the PIN code of the access point 10 or deleting thelink key of each device, can be executed by inputting a command from anexternal device (a device already registered). Maintenance of securityinformation can be executed only when the slide switch 34 b is set inthe permission state. This prevents the security information in theaccess point 10 from being accessed and changed without permission.

[0076] The rotary switch 35 as shown in FIG. 11 may be usedindependently of the slide switches 34 a and 34 b. The rotary switch 35can switch between at least four positions. At the first position, boththe authentication operation by a PIN code (new device registrationoperation) and the security information maintenance operation (PIN codeor link key change operation) are inhibited. At the second position,only the authentication operation by a PIN code is permitted. At thethird position, only the security information maintenance operation ispermitted. At the fourth position, both the authentication operation bya PIN code and the security information maintenance operation arepermitted.

[0077]FIG. 12 is a table showing the correspondence between the slideswitches 34 a and 34 b and the rotary switch 35. Referring to FIG. 12,SW1 represents the slide switch 34 a; SW2, the slide switch 34 b; OFF,the inhibition state; and ON, the permission state. In addition, 1 to 4denote the switched positions of the rotary switch 35.

[0078] When such a table representing the correspondence between theslide switches 34 a and 34 b and the rotary switch 35 is prepared in theaccess point 10, the operation state of the access point 10 can beswitched by the slide switches 34 a and 34 b or rotary switch 35. Theoperation state of the access point 10 is preferably switched using theslide switches 34 a and 34 b because the rotary switch 35 is hard tooperate as compared to the slide switches 34 a and 34 b. The followingdescription will be done assuming that the operation state of the accesspoint 10 is switched using the slide switches 34 a and 34 b.

[0079]FIG. 13 is a block diagram showing the circuit arrangements of theaccess point 10 and BT-PC card 20.

[0080] As shown in FIG. 13, the access point 10 has a CPU 72 forcontrolling the operation of the entire access point. The CPU 72 isconnected to the LEDs 24, switches 34 a, 34 b, and 35, connector 60serving as a PC card interface, ROM 73, RAM 74, nonvolatile memory 75,RTC (Real Time Clock) circuit 76, and the like. The power supplied fromthe AC adapter terminal 23 is supplied to the CPU 72 through a powersupply section 77.

[0081] The access point 10 also has a modem section 70 connected to thepublic line 11 through the modular cable 12 and modular jack 32. Themodem section 70 and RS232C connector 22 are connected to the CPU 72through a change-over switch 78. The modem section 70 and modular jack32 function as a transmitting/receiving section.

[0082] The ROM 73 stores communication protocols for radio communicationand communication with the public line 11. The RAM 74 stores driversoftware including the operation program of the access point 10, devicedriver, and radio communication protocol.

[0083] The RAM 74 has various storage sections 74 a to 74 c for storingthe first operation control information for controlling the PIN codeauthentication operation, the second operation control information forcontrolling the security information maintenance operation, andreference time information TM.

[0084] As the nonvolatile memory 75, for example, an EEPROM is used. Thenonvolatile memory 75 stores a link table T1 and authentication errortable T2 (to be described below) and also has an ID storage section 75 afor holding the ID of its own (registered in the BT-PC card 20) and apassword storage section 75 b for holding the PIN code of its own(authentication password which is arbitrarily created by the user).

[0085] The RTC circuit 76 counts the current time.

[0086] The modem section 70 converts digital data input from the BT-PCcard 20 into analog data and transfers it to the public line 11 throughthe modular jack 32, or converts analog data input from the public line11 through the modular jack 32 into digital data and transfers it to theCPU 72.

[0087] The RS232C connector 22 is arranged to serially connect theaccess point 10 to an external device such as the personal computer 100through an RS232C cable (not shown). For example, the access point 10can be connected to an ISDN terminal adapter through the RS232Cconnector 22 and RS232C cable so as to transmit digital data input fromthe BT-PC card 20 without any conversion.

[0088] The change-over switch 78 switches between connection to thepublic line 11 through the modem section 70 and modular jack 32 andconnection to another electronic device through the RS232C connector 22.

[0089] The BT-PC card 20 attached to the access point 10 has, as radiomodules complying with the BT standard, the antenna section 46B, RFsection 80, baseband section 81, memory 82, quartz oscillation section83, headset section 48, AD/DA conversion section 84, and LED 47.

[0090] Data transmission/reception between the BT-PC card 20 and theaccess point 10 is done through the connector 45. The antenna section46B transmits or receives a radio wave to execute radio communication.The frequency band to be used is 2.4 to 2.5 GHz complying with the BTstandard. The RF section 80 executes signal processing for enablingcommunication using a predetermined radio wave frequency.

[0091] The baseband section 81 executes digital processing for datainput through the antenna section 46B and RF section 80 so as to convertthe data into data processible by the access point 10, stores the datain the memory 82, and transmits the data to the access point. Assumethat an ID is stored in the memory 82 in advance. Actually, an IDassigned to the BT-PC card 20 is stored in an unrewritable memory (notshown) in advance, and in attaching the BT-PC card 20, the ID of theBT-PC card 20 is written in the nonvolatile memory 75 as identificationinformation unique to the device.

[0092] The LED 47 is turned on when, e.g., data is transmitted/received.The quartz oscillation section 83 supplies a reference wave to be usedby the RF section 80. The headset section 48 is connected to a headsethaving a headphone and microphone so as to input/output a voice signal.The AD/DA conversion section 84 converts an analog voice signal inputfrom the headset section 48 into digital data or converts a digitalvoice signal input from the access point 10 through the baseband section81 into analog data and outputs it to the headset section 48.

[0093]FIG. 14 is a block diagram showing the circuit arrangements of thepersonal computer 100 and BT-PC card 20 connected to the access point 10as an external device.

[0094] The personal computer 100 has the main body 114 with the keyboard112, and the liquid crystal display panel 116 provided on the main body114 to be freely opened, as shown in FIG. 1. The main body 114 has thecard slot 118, and the BT-PC card 20 is detachably inserted into thecard slot 118. The card slot 118 has almost the same arrangement as thatof the card slot 26 of the access point 10 described above. The BT-PCcard 20 is identical to that for the access point 10 and has the sameinternal arrangement as that shown in FIG. 13, and a description thereofwill be omitted.

[0095] The personal computer 100 has an interface connector 120complying with the PCMCIA standard, that transmits/receives data to/fromthe BT-PC card 20, and a CPU 122 for controlling the operation of theentire personal computer. The CPU 122 is connected to a USB 124, ROM126, RAM 128, and the like.

[0096] The USB 124 is used to, e.g., serially connect the access point10 through the RS232C connector 22. The ROM 126 stores data such as aprogram. The RAM 128 stores various data necessary for the processingoperation of the CPU 122. The RAM 128 also has various data storagesections for storing a PIN code (authentication password which isarbitrarily created by the user) set in the personal computer 100 and anID read from the BT-PC card 20.

[0097] The arrangements of the link table T1 and authentication errortable T2 managed by the access point 10 will be described below.

[0098]FIG. 15 is a view showing the arrangement of the link table T1.

[0099] In the link table T1, an ID (address) unique to each device, alink key generated on the basis of the ID and the like, a finalconnection time, and a data ON/OFF flag are registered.

[0100] As described above, when a connection request is received from anew device (a device unregistered in the link table T1), the accesspoint 10 executes authentication by a PIN code. If the authentication issuccessful, a link key is generated on the basis of the ID of the deviceand the like and registered in the link table T1 together with the ID.The connection time is acquired from the RTC circuit 76 and registeredin the link table T1. The connection time is updated every time thedevice is connected. The data ON/OFF flag represents whether data isregistered in the record column.

[0101]FIG. 16 is a view showing the arrangement of the authenticationerror table T2.

[0102] In the authentication error table T2, an ID (address) unique toeach device, the number of times of authentication error occurrence, afinal connection time, and a data ON/OFF flag are registered.

[0103] For a device for which it is determined that the authenticationby a PIN code fails, the access point 10 registers the ID of the deviceand the number of times of authentication error occurrence in theauthentication error table T2 in correspondence with each other. Theinitial value of the number of times of authentication error occurrenceis “1”, which is updated every time it is determined for the device thatthe authentication fails. The connection time is acquired from the RTCcircuit 76 and registered in the authentication error table T2. Theconnection time is updated every time the device is connected. The dataON/OFF flag represents whether data is registered in the record column.

[0104] The numbers of registered data in the link table T1 andauthentication error table T2 are determined in accordance with thecapacity of the nonvolatile memory 75. In the example shown in FIG. 15,the maximum number of registered data in the link table T1 is N. In theexample shown in FIG. 16, the maximum number of registered data in theauthentication error table T2 is M.

[0105] The operation of the system will be described below.

[0106] As processing operations for preventing an illicit access to theaccess point 10, (a) operation state switching processing by switches,(b) connection processing to external device, (c) security informationmaintenance processing, and (d) authentication error processing at thetime of connection will be described below.

[0107] (a) Operation State Switching Processing by Switches

[0108] As described above, the slide switches 34 a and 34 b forswitching the operation state of the access point 10 are arranged on thelower surface of the access point 10. The slide switch 34 a inhibits orpermits the authentication operation by a PIN code, and the slide switch34 b inhibits or permits the security information maintenance operation.

[0109] The operation state switching operation by the slide switch 34 awill be described below.

[0110]FIG. 17 is a flow chart showing operation state switchingprocessing by the slide switch 34 a provided on the access point 10.FIG. 17 shows the processing of a program executed by the CPU 72 in theaccess point 10. Referring to FIG. 17, SW1 means the slide switch 34 a.

[0111] In the access point 10, the state of the slide switch 34 a isalways monitored. Upon detecting that the slide switch 34 a is switchedfrom the inhibition state to the permission state (Yes in step All), theaccess point 10 acquires the current time from the RTC circuit 76 shownin FIG. 13 and sets the time in the reference time storage section 74 cin the RAM 74 as the reference time information TM (step A12). Then, thefirst operation control information for permitting the PIN codeauthentication operation is set in the first operation controlinformation storage section 74 a in the RAM 74 (step A13).

[0112] On the other hand, upon detecting that the slide switch 34 a isswitched from the permission state to the inhibition state (Yes in stepA14), the first operation control information for inhibiting the PINcode authentication operation is set in the first operation controlinformation storage section 74 a in the RAM 74 (step A15).

[0113] When the slide switch 34 a is switched from the inhibition stateto the permission state, and after that, the difference between thecurrent time and the reference time information TM set upon switching isa predetermined time or more, i.e., when a predetermined time haselapsed after the slide switch 34 a is switched to the permission state(Yes in step A16), the access point 10 sets the first operation controlinformation for inhibiting the PIN code authentication operation in thefirst operation control information storage section 74 a independentlyof the state of the slide switch 34 a (step A17).

[0114] The above processing also applies to the slide switch 34 b.

[0115] That is, when the slide switch 34 b is switched from theinhibition state to the permission state, the current time is set in thereference time storage section 74 c in the RAM 74 as the reference timeinformation TM. Simultaneously, the second operation control informationfor permitting the security information maintenance operation is set inthe second operation control information storage section 74 b in the RAM74. On the other hand, when the slide switch 34 b is switched from thepermission state to the inhibition state, the second operation controlinformation for inhibiting the security information maintenanceoperation is set in the second operation control information storagesection 74 b in the RAM 74.

[0116] When the slide switch 34 b is switched from the inhibition stateto the permission state, and after that, the difference between thecurrent time and the reference time information TM (different from thatfor managing the slide switch 34 a) set upon switching is apredetermined time or more, i.e., when a predetermined time has elapsedafter the slide switch 34 b is switched to the permission state, thesecond operation control information for inhibiting the securityinformation maintenance operation is set in the second operation controlinformation storage section 74 b in the RAM 74 independently of thestate of the slide switch 34 b.

[0117] The predetermined time is preferably about 10 min. However, thistime may be determined in advance or arbitrarily set by the manager ofthe access point 10.

[0118] (b) Connection Processing to External Device

[0119] Connection processing to an external device will be describedbelow.

[0120]FIG. 18 is a flow chart showing connection processing to anexternal device in the access point 10. FIG. 18 shows the processing ofa program executed by the CPU 72 in the access point 10.

[0121] For example, when a connection request is sent from the personalcomputer 100 as an external device to the access point 10 by radiocommunication, the access point 10 checks on the basis of the firstoperation control information stored in the first operation controlinformation storage section 74 a in the RAM 74 whether theauthentication operation by a PIN code is permitted (step B11 and B12).

[0122] As described above, if the slide switch 34 a is switched to thepermission state, and a predetermined time has not elapsed yet after theslide switch 34 a is switched to the permission state, the firstoperation control information indicates permission. If the slide switch34 a is switched to the inhibition state, or a predetermined time haselapsed after the slide switch 34 a is switched to the permission state,the first operation control information indicates inhibition.

[0123] If the authentication operation by a PIN code is permitted (Yesin step B12), the access point 10 checks on the basis of thepresence/absence of a link key for the personal computer 100 whether thepersonal computer 100 that requests connection is to be connected forthe first time (step B13). In the link table T1 held in the access point10, the IDs and link keys of devices which have been connected to theaccess point 10 are registered. If a link key for the personal computer100 is not present in the link table T1, i.e., if the ID of the personalcomputer 100 is not registered in the link table T1, it is determinedthat the personal computer 100 is to be connected for the first time.

[0124] If the access point 10 and personal computer 100 are to beconnected for the first time (Yes in step B13), a PIN code must be inputfrom the personal computer 100 to the access point 10.

[0125] When a PIN code is input from the personal computer 100, theaccess point 10 executes authentication by this PIN code (step B14).When the PIN code is correct, i.e., when the PIN code matches the PINcode of the access point 10 itself, which is stored in the passwordstorage section 75 b in the nonvolatile memory 75, it is determined thatthe authentication is successful (Yes in step B15).

[0126] The authentication operation by a PIN code will be describedbelow in detail with reference to FIG. 19.

[0127] Assume that a device A is to be connected to a device B. In thisembodiment, the device A corresponds to the personal computer 100, andthe device B corresponds to the access point 10. Referring to FIG. 19, apassword indicates the PIN code of the access point 10.

[0128] As shown in FIG. 19, first, the device A transmits a connectionrequest (step S1). Upon receiving the connection request from the deviceA, the device B analyzes the received data, and if it has no problem,transmits a connection establishment message to the device A (step S2).After that, connection between the devices A and B is established (stepS3). In this case, the connection indicates one between the lower layersof communication. For example, it means that “a temporary networkaddress is assigned” and does not always means the service of the upperapplication.

[0129] After the connection is established, an authentication procedureusing a password is executed. That is, when the connection isestablished, the device B outputs an authentication request to thedevice A to prompt it to input a password (step S4). The user of thedevice A inputs the password of the device B and transmits the password(step S5).

[0130] Upon receiving the password, the device B collates the passwordof its own with the received password. If the collation fails, a messagerepresenting that the password is wrong is returned to the device A. Ifthe collation is successful, the authentication is ended (step S6).

[0131] Referring back to FIG. 18, when the authentication operation by aPIN code is performed, and it is determined that the authentication issuccessful (Yes in step B15), the access point 10 creates a link (stepB16) and generates a link key for the personal computer 100 (step B17).More specifically, the access point 10 acquires the ID of the personalcomputer 100 and multiplies the ID or the PIN code of its own by arandom number generated on the access point 10 side, thereby generatinga link key which is difficult to decode.

[0132] If the link table T1 has no capacity (all the data ON/OFF flagsare ON) (No in step B18), device data with the oldest connection time isdeleted from the link table T1 (step B19). The access point 10 registersthe generated link key in the link table T1 together with the ID of thepersonal computer 100 (step B20). At this time, the current time isacquired from the RTC circuit 76 and registered in the link table T1 asthe final connection time, and the data ON/OFF flag is set to “ON”.

[0133] When the link key of the newly connected device is registered inplace of the link key of a device with the least possibility ofconnection, the PIN codes can be efficiently managed with a priorityplaced on the new connection partner within the number of registereddata (N data in the example shown in FIG. 15) in the link table T1prepared in the nonvolatile memory 75 so as to improve the convenience.

[0134] Alternatively, for example, the number of times of access fromeach device may be stored in the link table T1, and the data of a devicewith the smallest number of times of access may be deleted.

[0135] Instead, the registration time of each device may be stored inthe link table T1, and the data of a device with the oldest registrationtime may be deleted.

[0136] If the authentication by the PIN code is successful, connectionbetween the access point 10 and the personal computer 100 isestablished, and radio data commutation can be performed (step B21). Ifthe authentication by the PIN code fails (No in step B15), the accesspoint 10 rejects connection of the personal computer 100 that requestsconnection.

[0137] On the other hand, if the authentication operation by a PIN codeis inhibited (No in step B12) or the personal computer 100 is used to beconnected to the access point 10 in the past (No in step B13), theaccess point 10 executes authentication by a link key (step B22). Inthis case, when the personal computer 100 that requests connection isused to be connected to the access point 10 in the past, a link key forthe personal computer 100 should have been registered in the link tableT1, so that the authentication can be executed using the link key. Ifthe authentication is successful (Yes in step B23), the access point 10establishes connection to the personal computer 100 (step B21). If theauthentication by the link key fails (No in step B23), the access point10 rejects connection of the personal computer 100 that requestsconnection.

[0138] Only when the authentication operation by a PIN code ispermitted, a new device can try to access to the access point 10. Whenthe authentication operation by a PIN code is normally inhibited byoperating the slide switch 34 a, any person other than the authenticuser, who acquires the PIN code of the access point 10 by some means,cannot access the access point 10. Hence, any illegal operation such asuse of the public line 11 without permission can be prevented.

[0139] Even when the manager of the access point 10 forgets to switchthe slide switch 34 a to the inhibition state, the authenticationoperation by a PIN code is automatically inhibited after the elapse of apredetermined time independently of the state of the slide switch 34 a.For this reason, the security for the access point 10 can be improved.

[0140] (c) Security Information Maintenance Processing

[0141] Security information maintenance processing will be describedbelow.

[0142]FIG. 20 is a flow chart showing security information maintenanceprocessing in the access point 10. FIG. 20 shows the processing of aprogram executed by the CPU 72 in the access point 10.

[0143] After connection to the personal computer 100 as an externaldevice is established (step C11), a security information maintenancecommand is transmitted from the personal computer 100 by radio. Examplesof the security information maintenance command are a read or rewrite ofa PIN code, and a read or delete of the link table T1.

[0144] Upon receiving the maintenance command, the access point 10checks on the basis of the second operation control information storedin the second operation control information storage section 74 b in theRAM 74 whether the security information maintenance operation ispermitted (step C12).

[0145] As described above, if the slide switch 34 b is switched to thepermission state, and a predetermined time has not elapsed yet after theslide switch 34 b is switched to the permission state, the secondoperation control information indicates permission. If the slide switch34 b is switched to the inhibition state, or a predetermined time haselapsed after the slide switch 34 b is switched to the permission state,the second operation control information indicates inhibition.

[0146] If the security information maintenance operation is inhibited(No in step C13), the access point 10 rejects the maintenance command(step C14). In this case, no external device can execute the securityinformation maintenance.

[0147] If the security information maintenance operation is permitted(Yes in step C13), the access point 10 executes the maintenance command(step C15). If the PIN code is rewritten (Yes in step C16), the accesspoint 10 deletes all data in the link table T1 (step C17).

[0148] Only when the security information maintenance operation ispermitted, a command can be sent from the external device to rewrite thePIN code or the like. When the security information maintenanceoperation is normally inhibited by operating the slide switch 34 b, thesecurity information cannot be accessed without permission, and thesecurity for the access point 10 can be ensured.

[0149] Even when the manager of the access point 10 forgets to switchthe slide switch 34 b to the inhibition state, the security informationmaintenance operation is automatically inhibited after the elapse of apredetermined time independently of the state of the slide switch 34 b.For this reason, the security for the access point 10 can be ensured.

[0150] In addition, when the PIN code is changed, all data in the linktable T1 are cleared in consideration of the possibility of dataalteration by an illicit user, thereby further improving the security.If the link table T1 is cleared, all external devices are requested toinput the PIN code again. A user who does not know the PIN code newlyset in the access point 10 cannot be connected to the access point 10.

[0151] (d) Authentication Error Processing at the Time of Connection

[0152] Authentication error processing at the time of connection will bedescribed below.

[0153]FIGS. 21 and 22 are flow charts showing authentication errorprocessing in the access point 10 at the time of connection. FIGS. 21and 22 show the processing of a program executed by the CPU 72 in theaccess point 10.

[0154] Assume that the ID of the personal computer 100 is not registeredin the link table T1. When a connection request is received from thepersonal computer 100 (step D11), the access point 10 looks up theauthentication error table T2 (step D12). In the authentication errortable T2, the IDs of devices for which the authentication has failedbefore are registered, as shown in FIG. 16.

[0155] If the ID of the personal computer 100 is not registered in theauthentication error table T2 (No in step D13), the access point 10executes authentication by a PIN code as usual (step D14). If theauthentication is successful, i.e., if the PIN code input from thepersonal computer 100 matches the PIN code of the access point 10 (Yesin step D15), the access point 10 permits connection of the personalcomputer 100 (step D16).

[0156] If the authentication fails, i.e., if the PIN code input from thepersonal computer 100 does not match the PIN code of the access point 10(No in step D15), the access point 10 rejects connection of the personalcomputer 100 (step D17). At this time, the access point 10 acquires theID of the personal computer 100 and registers the ID in theauthentication error table T2. In addition, the access point 10 sets thenumber of times of error occurrence corresponding to the ID to theinitial value “1” and also acquires the current time from the RTCcircuit 76 and registers the time as the final connection time (stepD18).

[0157] Assume that it is determined in step D13 that the ID of thepersonal computer 100 that requests connection is registered in the linktable T1. That is, connection has been rejected before because the PINcode input from the personal computer 100 is wrong.

[0158] In this case, first, the access point 10 checks whether thenumber of times of error occurrence corresponding to the ID of thepersonal computer 100 in the authentication error table T2 exceeds apredetermined number of times (step D19). If the number of times oferror occurrence is equal to or smaller than the predetermined number oftimes (No in step D19), the access point 10 executes authentication by aPIN code as usual (step D20). If the authentication is successful, i.e.,if the PIN code input from the personal computer 100 matches the PINcode of the access point 10 (Yes in step D21), the access point 10permits connection of the personal computer 100 (step D22). At thistime, data related to the personal computer 100 is deleted from theauthentication error table T2 (step D23).

[0159] If the number of times of error occurrence is larger than thepredetermined number of times (No in step D19), the access point 10determines that the personal computer 100 is an illicit user and rejectsconnection of the personal computer 100 (step D24). At this time, thenumber of times of error occurrence for the personal computer 100 in theauthentication error table T2 is updated, and the current time isacquired from the RTC circuit 76 and the final connection time isupdated to the current time (step D25). This also applies to a casewherein the authentication fails in step D21. Connection is rejected,and data related to the personal computer 100 in the authenticationerror table T2 are updated (steps D24 and D25).

[0160] In executing the authentication by a PIN code, the number oftimes of authentication error occurrence is counted. When the number oftimes of authentication error occurrence for a single device exceeds apredetermined number of times, connection of that device is rejected.This prevents the single device from inputting a PIN code many times totry to illicitly access the access point 10. For this reason, thesecurity for the access point 10 can be improved.

[0161] The predetermined number of times is preferably about 5. However,the number of times may be determined in advance or arbitrarily set bythe manager of the access point 10.

[0162] If the authentication error table T2 has no capacity to registerthe data of a new device (all the data ON/OFF flags are ON), device datawith the oldest connection time is deleted from the authentication errortable T2, and the data of the new device is registered there. When olddata is deleted, the numbers of times of authentication error occurrencecan be efficiently managed with a priority placed on the new connectionpartner within the number of registered data (M data in the exampleshown in FIG. 16) in the authentication error table T2 prepared in thenonvolatile memory 75 so as to improve the convenience.

[0163] When the authentication operation by a PIN code or securityinformation maintenance operation is inhibited by operating the switcharranged on the access point 10, any illicit access from the outside canbe prevented, and the security can be improved. Even when the managerforgets to switch the switch, the security can be ensured because theauthentication operation by a PIN code or security informationmaintenance operation is automatically switched to the inhibition stateafter the elapse of a predetermined time independently of the state ofthe switch.

[0164] When an illicit PIN code is input from the same device manytimes, connection of the device is rejected after that. This prevents aperson who does not know the correct PIN code from trying to illicitlyaccess the access point.

[0165] To register a new connection partner and link key after thenumber of registered link keys in the link table T1 prepared in thenonvolatile memory 75 has reached the maximum storable number, analready stored link key is deleted in accordance with a predeterminedrule (e.g., in the chronological order of connection time or inascending order of access frequency), and the new link key is registeredin that region. With this processing, PIN code input for the subsequentconnection can be omitted with a priority placed on the new connectionpartner, so the convenience can be improved.

[0166] When a PIN code in the access point 10 is changed, all link keysof devices registered in the link table T1 are deleted, and input of anew PIN code is requested at the time of connection, thereby improvingthe security.

[0167] The ID of a BT module is registered in the BT-PC card 20 to beattached to each device. When the BT-PC card 20 is attached to theaccess point 10, the CPU 72 shown in FIG. 13 stores the ID registered inthe BT-PC card 20 in the ID storage section 75 a of the nonvolatilememory 75 in the access point 10 as information unique to the device.

[0168] When the CPU 72 detects through the connector 60 serving as a PCcard interface that the BT-PC card 20 is exchanged, all data in the linktable T1 are deleted, and a new link key is generated when a device isconnected.

[0169] This is because when the BT module (which stores the ID) is anexchangeable unit such as a PC card, a BT module different from thatattached to the access point 10 for the first time may be attached dueto user's error. A link key is generated on the basis of an ID and thelike. Hence, if a link key generated on the basis of an ID before BTmodule exchange remains, the link key is inconsistent with a link keygenerated by an ID after BT module exchange, and the access point cannotbe connected to an external device. To solve this problem, when the BTmodule is exchanged, all data currently registered in the link table T1are deleted, and a new link key is generated when a device is connected.

[0170] The present invention is effective for an illicit access by radiofrom an external device at a place remote from the access point 10.However, the access means to the access point 10 need not always be aradio means. For example, even in a system in which the access point 10and personal computer 100 shown in FIG. 1 are connected through acommunication cable, any illicit access can be prevented using the samemethod as in the above embodiment.

[0171] In the above embodiment, the access point 10 having a function ofconnecting the public line 11 has been exemplified. However, the methodof the present invention can be applied to any other device having acommunication function for connecting itself to another device by radioor the like.

[0172] The radio communication module used in each device need notalways be an exchangeable unit such as a PC card and may be incorporatedin a device.

[0173] As the radio communication scheme, not only the Bluetooth butalso another scheme may be employed.

[0174] Additional advantages and modifications will readily occur tothose skilled in the art. Therefore, the invention in its broaderaspects is not limited to the specific details and representativeembodiments shown and described herein. Accordingly, variousmodifications may be made without departing from the spirit or scope ofthe general inventive concept as defined by the appended claims andtheir equivalents.

What is claimed is:
 1. An electronic device having communication unitexecuting authentication by a specific identification code in creating alink to another device, comprising: a switch capable of switchingbetween a first state and a second state; an inhibition unit configuredto inhibit the authentication by the specific identification code whenthe switch is set in the first state; and a permission unit configuredto permit the authentication by the specific identification code whenthe switch is set in the second state.
 2. A device according to claim 1,further comprising: a time detection unit configured to detect whether apredetermined time has elapsed after the switch is set in the secondstate; and a control unit configured to inhibit the authentication bythe specific identification code when the time detection unit detectsthat the predetermined time has elapsed after the switch is set in thesecond state.
 3. An electronic device having radio communication unitexecuting authentication by a specific identification code in creating alink to another device, comprising: a storage unit storing a managementinformation used for the authentication by the specific identificationcode; a switch capable of switching between a first state and a secondstate; an inhibition unit configured to inhibit change of the managementinformation stored in the storage unit when the switch is set in thefirst state; and a permission unit configured to permit change of themanagement information stored in the management information storage unitwhen the switch is set in the second state.
 4. A device according toclaim 3, further comprising: a time detection unit configured to detectwhether a predetermined time has elapsed after the switch is set in thesecond state; and a control unit configured to inhibit change of themanagement information stored in the management information storage unitwhen it is detected that the predetermined time has elapsed after theswitch is set in the second state.
 5. An electronic device having radiocommunication unit which requires authentication by a specificidentification code in creating a link to another device, comprising: adevice code storage unit storing a device code of each linked device; anauthentication unit configured to execute, for the device, theauthentication by the specific identification code when a connectionrequest is received from another device and the device code of thedevice is not stored in the device code storage unit; an authenticationerror storage unit storing the device code of the device and the numberof times of error occurrence in correspondence with each other when theauthentication unit determines that the authentication fails; and acontrol unit configured to reject the connection request from the devicehaving the corresponding device code when the number of times of erroroccurrence stored in the authentication error storage unit exceeds apredetermined number of times.
 6. An electronic device having radiocommunication unit which requires authentication by a specificidentification code in creating a link to another device, comprising: anauthentication unit configured to execute, for the device, theauthentication by the specific identification code when a connectionrequest is received from another device; a creation unit configured tocreate link information to a device for which it is determined that theauthentication is successful; a registration unit configured to registerthe created link information in correspondence with the device; and adeletion unit configured to delete link information of a device which isdetermined as an unnecessary device in accordance with a predeterminedrule when the number of registered devices with the link informationexceeds an allowable number.
 7. A device according to claim 6, whereinthe registration unit registers a last connection time of each device incorrespondence with the link information of each device, and thedeletion unit deletes, of pieces of link information registered in theregistration unit, link information of a device having an oldestconnection time.
 8. A device according to claim 6, wherein theregistration unit registers a registration time in correspondence withthe link information of each device, and the deletion unit deletes, ofpieces of link information registered in the registration unit, linkinformation of a device having an oldest registration time.
 9. A deviceaccording to claim 6, wherein the registration unit registers the numberof times of connection of each device in correspondence with the linkinformation of each device, and the deletion unit deletes, of pieces oflink information registered in the registration unit, link informationof a device having a smallest number of times of connection.
 10. Anelectronic device having radio communication unit which requiresauthentication by a specific identification code in creating a link toanother device, comprising: a storage unit storing the specificidentification code; an authentication unit configured to execute, forthe device, the authentication by the specific identification codestored in the storage unit when a connection request is received fromanother device; a creation unit configured to create link information toa device for which it is determined that the authentication issuccessful; a registration unit configured to register the created linkinformation in correspondence with the device; and a deletion unitconfigured to delete all pieces of registered link information when thespecific identification code stored in the storage unit is changed. 11.An electronic device which requires authentication by a specificidentification code in creating a link to another device, comprising: anexchangeable radio communication unit to be connected to another device;a storage unit storing an identification code unique to the radiocommunication unit; an authentication unit configured to execute, forthe device, the authentication by the specific identification code whena connection request is received from another device; a creation unitconfigured to create link information to a device for which it isdetermined that the authentication is successful, on the basis of theidentification code of the radio commutation unit, which is stored inthe storage unit; a registration unit configured to register the createdlink information in correspondence with the device; and a deletion unitconfigured to delete all pieces of link information registered in theregistration unit when the radio communication unit is exchanged.
 12. Aconnection control method used for an electronic device havingcommunication unit which requires authentication by a specificidentification code in creating a link to another device, and a switchcapable of switching between a first state and a second state,comprising: permitting the authentication by the specific identificationcode when the switch is set in the second state; and inhibiting theauthentication by the specific identification code when the switch isset in the first state.
 13. A method according to claim 12, furthercomprising: determining whether it is detected that a predetermined timehas elapsed after the switch is set in the second state; and inhibitingthe authentication by the specific identification code when thepredetermined time has elapsed after the switch is set in the secondstate.
 14. A connection control method used for an electronic devicehaving radio communication unit which requires authentication by aspecific identification code in creating a link to another device, amemory storing a management information management information used forconnection to another device, and a switch capable of switching betweena first state and a second state, comprising: permitting change of themanagement information stored in the memory when the switch is set inthe second state; and inhibiting change of the management informationstored in the memory when the switch is set in the first state.
 15. Amethod according to claim 14, further comprising: determining whether apredetermined time has elapsed after the switch is set in the secondstate; and inhibiting change of the management information stored in thememory when the predetermined time has elapsed after the switch is setin the second state.
 16. A connection control method used for anelectronic device having radio communication unit which requiresauthentication by a specific identification code in creating a link toanother device, a first memory for storing a device code of each linkeddevice, and a second memory for storing the device code and the numberof times of error occurrence of another device in correspondence witheach other, comprising: executing, for the device, the authentication bythe specific identification code when a connection request is receivedfrom another device and the device code of the device is not stored inthe first memory; storing the device code of the device and the numberof times of error occurrence in the second memory in correspondence witheach other when it is determined by the authentication that theauthentication fails; and rejecting the connection request from thedevice having the corresponding device code when the number of times oferror occurrence stored in the second memory exceeds a predeterminednumber of times.
 17. A connection control method used for an electronicdevice having radio communication unit which requires authentication bya specific identification code in creating a link to another device, anda memory for storing link information to another device incorrespondence with the device, comprising: executing, for the device,the authentication by the specific identification code when a connectionrequest is received from another device; creating link information to adevice for which it is determined by the authentication that theauthentication is successful; registering the link information incorrespondence with the device and, when the number of registereddevices with the link information exceeds an allowable number, deletinglink information of a device which is determined as an unnecessarydevice in accordance with a predetermined rule.
 18. A connection controlmethod used for an electronic device having radio communication unitwhich requires authentication by a specific identification code increating a link to another device, a first memory for storing thespecific identification code, and a second memory for storing linkinformation of another device in correspondence with the device,comprising: executing, for the device, the authentication by thespecific identification code stored in the first memory when aconnection request is received from another device; creating linkinformation to a device for which it is determined by the authenticationthat the authentication is successful; registering the link informationin the second memory in correspondence with the device; and deleting allpieces of link information registered in the second memory when thespecific identification code stored in the first memory is changed. 19.A connection control method used for an electronic device having anexchangeable radio communication unit to be connected to another devicewhich requires authentication by a specific identification code increating a link to the device, a first memory for storing anidentification code unique to the radio communication unit, and a secondmemory for storing link information of another device in correspondencewith the device, comprising: executing, for the device, theauthentication by the specific identification code stored in the firstmemory when a connection request is received from another device;creating link information to a device for which it is determined by theauthentication that the authentication is successful, on the basis ofthe identification code of the radio communication unit, which is storedin the first memory; registering the link information in the secondmemory in correspondence with the device; and deleting all pieces oflink information registered in the second memory when the radiocommunication unit is exchanged.